Home Vulnerabilities Group-IB helps Dutch police identify members of phishing developer gang Fraud FamilySecurity...

Group-IB helps Dutch police identify members of phishing developer gang Fraud FamilySecurity Affairs

Researchers from threat intelligence firm Group-IB helps Dutch police identify members of phishing developer gang known as Fraud Family.

Group-IB, one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, has assisted the Dutch National Police in the operation to apprehend alleged members of a cybercriminal group codenamed ‘Fraud Family.’

Group-IB’s Amsterdam-based team has identified the individuals behind the Dutch-speaking syndicate that develops, sells and rents sophisticated phishing frameworks and shared their findings with the authorities.

According to the police, the operation resulted in the arrest of two suspects, a 24-year-old man and his 15-year-old accomplice, who are thought to be the developer and seller of the phishing frameworks distributed by the Fraud Family.

The 24-year-old suspect will be brought arraigned before the examining magistrate in Rotterdam on Friday, while his 15-year-old accomplice has since been released pending further investigation.
A typical attack, analyzed by Group-IB researchers, started with an email, SMS, or WhatsApp message impersonating a real financial organization. Using well-known brands, fraudsters gained users’ immediate trust. These fake notifications contained malicious links to adversary-controlled phishing websites that steal payment info.

Fraud Family

The detailed technical analysis of Fraud Family’s operations is available in Group-IB’s blog post.

Having analyzed the technical infrastructure and phishing templates used in these fraudulent campaigns, Group-IB researchers uncovered a massive Fraud-as-a-Service operation. The cybercriminal syndicate behind it, which develops, sells and rents sophisticated phishing frameworks to other cybercriminals, targeting users mainly in the Netherlands and Belgium, was codenamed Fraud Family. These frameworks include phishing kits — tools and resources used to steal information — and web panels that allow cybercriminals to interact with the actual phishing site in real time and are used to collect and manage the stolen user data. The complete „plug and play„ phishing service keeps the framework under control and prevents it from leaking to the public.

Group-IB’s cyber investigations experts found out that Fraud Family members actively use Telegram messenger to advertise their services to other less skilled fraudsters. These services included the sale of phishing tools or the rent of ready-to-use infrastructure that comes equipped with the phishing framework and anti-bot tools to prevent crawlers, automated analysis tools and services like VirusTotal and URLScan, and researchers from accessing the phishing sites. Any fraudster can rent the Express Panel for €200 per month or the Reliable Panel for €250.

Fraud Family

Group-IB cyber investigations team discovered at least eight Telegram channels operated by the Fraud Family gang. The whole network of channels has close to 2,000 subscribers. Their most popular group has 640 members. According to Group-IB assessment, half of these users could be actual buyers.

“We have analyzed the panel’s source code, found the roots of the threat, restored the timeline of its evolution. We’ve also examined groups and sellers that were distributing phishing panels and distinguished the core team — Fraud Family. During our research, we have observed group members, determined their roles and functions in the gang, collected their personal identifiers and provided the information to police.” said Anton Ushakov, Deputy Head of the Group-IB’s High-Tech Crime Investigation Department, Europe.

About author: Group-IB


Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, phishing)

Source link


New infosec products of the week: July 23, 2021

Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks Stellar Cyber introduced a...

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained...

Kaseya obtains REvil decryptor, starts sharing it with afflicted customers • The Register

Software-for-services providers business Kaseya has obtained a "universal decryptor key" for the REvil ransomware and is delivering it to clients. A brief Thursday update...

Most Popular

‘Critical Severity’ Warning for Malware Embedded in Popular JavaScript Library

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close...

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over...

Recent Comments